The Global Implications of the Alleged Gemalto Hack

The February 20, 2015 article in the Technology Section of the Wall Street Journal titled Digital-Security Firm Gemalto Probes Alleged U.S., U.K. Hack raises questions regarding the safety of the global community from alleged hacking. These global, national, personal, political, and economic security concerns are precipitating a “moral climate” of mistrust “marked by a push and pull between accusations of scaremongering on the one hand, and of cover-ups on the other” (Giddens, 2000, p. 47). Gemalto is one of the world’s largest producers of SIM cards, with billions manufactured annually. The article validates Anthony Giddens’ (2000) premise that globalization is a convergence and divergence of inequality in a “World Risk Society” (pp. 38-53). To date, Gemalto has been unable to verify that its security has been compromised. The company maintains that as of Wednesday, February 18, 2015 there is no evidence to substantiate the allegations of a possible security breach. The scope of this possible “para crisis” involves encrypted SIM cards distributed world-wide to mobile phone providers including China, the United Kingdom, France, Germany, as well as the United States.

However, news reports of the potential hacking have caused world stock market prices to plummet; thus, causing an imbalance to the global economy. Angered European politicians have implemented tighter security and “higher scrutiny” for their respective nations. This includes countries that are not directly connected to Gemalto. The article alludes that the Edward Snowden (NSA) leaks contributed to the allegations and have fueled the outrage of the global community. Further exacerbating the outrage were allegations that a “joint unit composed of operatives from the British GCHQ (Government Communications Headquarters) and the American NSA (National Security Agency) hacked SIM card encryption keys engraved in Gemalto (Euronext NL0000400653 – GTO) and possibly other SIM vendors’ cards” (Gemalto, 2015). In response to these allegations, Gemalto issued the following in a Press Release on February 20, 2015:

Gemalto, the world leader in digital security, is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday.

We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques. ​There have been many reported state sponsored attacks as of late, that all have gained attention both in the media and amongst businesses, this truly emphasizes how serious cyber security is in this day and age (Gemalto, 2015).

Interestingly, while researching Gemalto’s website for additional information for this blog, the tag line: “We help people to trust one another in an increasingly connected digital world” was prominent on the company’s homepage; thus, clarifying the company’s premise of trust and security. Clearly, Gemalto, with its high-profile governmental, financial, and business clientele is aware of the risks that come with this type of sensitive digital data.

The scale and nature of the particular risks Gemalto faces from hackers is difficult to estimate. Giddens (2000), describes this “new riskiness to risk,” which eludes the “possibility of calculation” (p. 46). Since technology is an ever expanding frontier, new potential compromises to security arise as rapidly as existing ones are addressed. Technological risks companies like Gemalto face, are not privy to “actuarial prediction,” where a limited set of variables can predict the outcomes, as in automobile accidents (Giddens, 2000, p. 46). Being aware of this paradigm is crucial to the success of any company in a globalized environment.

As external stakeholders, it is important that we pay attention to security risks and demand that multinational organizations like Gemalto confront these risks using a “modernist” approach. Such an approach would benefit all stakeholders, so that vulnerability to hackers can be preemptively addressed (Pal & Dutta, 2008, pp. 159-179). It is clear that Gemalto favors the “industry best practices” approach when dealing with security risks as exemplified with their tag-line. By also adhering to a “normative standard,” Gemalto is sending the message to their stakeholders that they are able to handle risk-security breach situations with composure and intelligence.

If organizations are doing what is prescribed, is it possible that the media have exploited facts from the past, into a sensitive situation that instills fear and outrage? Perhaps Gemalto is not to blame in this situation, and perhaps the media is sensationalizing this serious implication in order to draw public attention in the name of making money. Or, could government operatives be using this type of tactic in order to instill a false sense of security to terrorists in order to make them more prone to recklessness in the future?

Stories like these are important with evolving technological breakthroughs and need vigil observation.